File mingw32-openssl-1_1.spec of Package mingw32-openssl-1_1

Overview Repositories Revisions Requests Users Attributes Meta

File mingw32-openssl-1_1.spec of Package mingw32-openssl-1_1

#
# spec file for package mingw32-openssl-1_1
#
# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define _with_check 1
# depends on working dladdr
%define _with_hmac 0
%define _with_man 0
%define livepatchable 0
%define ssletcdir %{_mingw32_sysconfdir}/ssl
%define maj_min 1_1
%define _rname  openssl
Name:           mingw32-openssl-1_1
# Don't forget to update the version in the "openssl" package!
Version:        1.1.1q
Release:        0
Summary:        Secure Sockets and Transport Layer Security
License:        OpenSSL
Group:          Productivity/Networking/Security
URL:            https://www.openssl.org/
Source:         https://www.%{_rname}.org/source/%{_rname}-%{version}.tar.gz
# to get mtime of file:
Source1:        %{name}.changes
#Source2:        baselibs.conf
Source3:        https://www.%{_rname}.org/source/%{_rname}-%{version}.tar.gz.asc
# https://www.openssl.org/about/
# http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xA2D29B7BF295C759#/openssl.keyring
Source4:        %{_rname}.keyring
Source5:        showciphers.c
Source6:        %{name}-rpmlintrc
# PATCH-FIX-OPENSUSE: do not install html mans it takes ages
Patch1:         openssl-1.1.0-no-html.patch
Patch2:         openssl-truststore.patch
Patch3:         openssl-pkgconfig.patch
Patch4:         openssl-DEFAULT_SUSE_cipher.patch
Patch5:         openssl-ppc64-config.patch
Patch6:         openssl-riscv64-config.patch
# PATCH-FIX-UPSTREAM jsc#SLE-6126 and jsc#SLE-6129
Patch8:         0001-s390x-assembly-pack-perlasm-support.patch
Patch9:         0002-crypto-chacha-asm-chacha-s390x.pl-add-vx-code-path.patch
Patch10:        0003-crypto-poly1305-asm-poly1305-s390x.pl-add-vx-code-pa.patch
Patch11:        0004-s390x-assembly-pack-fix-formal-interface-bug-in-chac.patch
Patch12:        0005-s390x-assembly-pack-import-chacha-from-cryptogams-re.patch
Patch13:        0006-s390x-assembly-pack-import-poly-from-cryptogams-repo.patch
# PATCH-FIX-UPSTREAM bsc#1152695 jsc#SLE-7861 Support for CPACF enhancements - part 1 (crypto)
Patch16:        openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch
Patch17:        openssl-s390x-assembly-pack-add-support-for-pcc-and-kma-inst.patch
Patch18:        openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch
Patch19:        openssl-s390x-assembly-pack-update-OPENSSL_s390xcap-3.patch
Patch20:        openssl-s390xcpuid.pl-fix-comment.patch
Patch21:        openssl-assembly-pack-accelerate-scalar-multiplication.patch
Patch22:        openssl-Enable-curve-spefific-ECDSA-implementations-via-EC_M.patch
Patch23:        openssl-s390x-assembly-pack-accelerate-ECDSA.patch
Patch24:        openssl-OPENSSL_s390xcap.pod-list-msa9-facility-bit-155.patch
Patch25:        openssl-s390x-assembly-pack-cleanse-only-sensitive-fields.patch
Patch26:        openssl-s390x-assembly-pack-fix-OPENSSL_s390xcap-z15-cpu-mas.patch
Patch27:        openssl-s390x-assembly-pack-fix-msa3-stfle-bit-detection.patch
Patch28:        openssl-Fix-9bf682f-which-broke-nistp224_method.patch
# FIPS patches
Patch30:        openssl-1.1.1-fips.patch
Patch31:        openssl-1.1.1-fips-post-rand.patch
Patch32:        openssl-1.1.1-fips-crng-test.patch
Patch33:        openssl-1.1.0-issuer-hash.patch
Patch34:        openssl-fips-run_selftests_only_when_module_is_complete.patch
Patch35:        openssl-ship_fips_standalone_hmac.patch
Patch36:        openssl-fips_mode.patch
Patch37:        openssl-1.1.1-evp-kdf.patch
Patch38:        openssl-1.1.1-ssh-kdf.patch
Patch39:        openssl-fips-dont_run_FIPS_module_installed.patch
Patch40:        openssl-fips-selftests_in_nonfips_mode.patch
Patch41:        openssl-fips-clearerror.patch
Patch42:        openssl-fips-ignore_broken_atexit_test.patch
Patch43:        openssl-keep_EVP_KDF_functions_version.patch
Patch44:        openssl-fips_fix_selftests_return_value.patch
Patch45:        openssl-fips-add-SHA3-selftest.patch
Patch46:        openssl-fips_selftest_upstream_drbg.patch
Patch47:        openssl-unknown_dgst.patch
# PATCH-FIX-UPSTREAM jsc#SLE-7403 Support for CPACF enhancements - part 2 (crypto)
Patch50:        openssl-s390x-assembly-pack-accelerate-X25519-X448-Ed25519-and-Ed448.patch
Patch51:        openssl-s390x-fix-x448-and-x448-test-vector-ctime-for-x25519-and-x448.patch
Patch52:        openssl-1.1.1-system-cipherlist.patch
# PATCH-FIX-OPENSUSE jsc#SLE-15832 Centralized Crypto Compliance Configuration
Patch53:        openssl-1_1-seclevel.patch
Patch54:        openssl-1_1-use-seclevel2-in-tests.patch
Patch55:        openssl-1_1-disable-test_srp-sslapi.patch
Patch56:        openssl-add_rfc3526_rfc7919.patch
Patch57:        openssl-1_1-use-include-directive.patch
#PATCH-FIX-UPSTREAM jsc#SLE-18136 POWER10 performance enhancements for cryptography
Patch69:        openssl-1_1-Optimize-ppc64.patch
#PATCH-FIX-UPSTREAM jsc#SLE-19742 Backport Arm improvements from OpenSSL 3
Patch70:        openssl-1_1-Optimize-RSA-armv8.patch
Patch71:        openssl-1_1-Optimize-AES-XTS-aarch64.patch
Patch72:        openssl-1_1-Optimize-AES-GCM-uarchs.patch
#PATCH-FIX-SUSE bsc#1182959 FIPS: Fix function and reason error codes
Patch73:        openssl-1_1-FIPS-fix-error-reason-codes.patch
# PATCH-FIX-UPSTREAM 
Patch74:        openssl-1.1-fix-mingw-compile.patch
BuildRequires:  mingw32-cross-gcc
BuildRequires:  mingw32-dlfcn-win32-devel
BuildRequires:  mingw32-cross-wine
BuildRequires:  mingw32-zlib-devel
Conflicts:      mingw32-ssl
Provides:       mingw32-ssl
Provides:       mingw32-openssl(cli)
# Needed for clean upgrade path, boo#1070003
Obsoletes:      mingw32-openssl-1_0_0 < %{version}
# Needed for clean upgrade from former openssl-1_1_0, boo#1081335
Obsoletes:      mingw32-openssl-1_1_0 < %{version}
%_mingw32_package_header_debug
BuildArch: noarch

%description
OpenSSL is a software library to be used in applications that need to
secure communications over computer networks against eavesdropping or
need to ascertain the identity of the party at the other end.
OpenSSL contains an implementation of the SSL and TLS protocols.

%package -n mingw32-libopenssl1_1
Summary:        Secure Sockets and Transport Layer Security
License:        OpenSSL
Group:          Productivity/Networking/Security
Recommends:     mingw32-ca-certificates-mozilla
# install libopenssl and libopenssl-hmac close together (bsc#1090765)
Suggests:       mingw32-libopenssl1_1-hmac = %{version}-%{release}
# Needed for clean upgrade from former openssl-1_1_0, boo#1081335
Obsoletes:      mingw32-libopenssl1_1_0 < %{version}

%description -n mingw32-libopenssl1_1
OpenSSL is a software library to be used in applications that need to
secure communications over computer networks against eavesdropping or
need to ascertain the identity of the party at the other end.
OpenSSL contains an implementation of the SSL and TLS protocols.

%package -n mingw32-libopenssl-1_1-devel
Summary:        Development files for OpenSSL
License:        OpenSSL
Group:          Development/Libraries/C and C++
Requires:       mingw32-libopenssl1_1 = %{version}
Requires:       mingw32(pkg:zlib)
Recommends:     %{name} = %{version}
# we need to have around only the exact version we are able to operate with
Conflicts:      mingw32-libopenssl-devel < %{version}
Conflicts:      mingw32-libopenssl-devel > %{version}
Conflicts:      mingw32-ssl-devel
Provides:       mingw32-ssl-devel
# Needed for clean upgrade from former openssl-1_1_0, boo#1081335
Obsoletes:      mingw32-libopenssl-1_1_0-devel < %{version}
# Needed for clean upgrade from SLE-12 openssl-1_0_0, bsc#1158499
Obsoletes:      mingw32-libopenssl-1_0_0-devel < %{version}

%description -n mingw32-libopenssl-1_1-devel
This subpackage contains header files for developing applications
that want to make use of the OpenSSL C API.

%if %{?_with_hmac}
%package -n mingw32-libopenssl1_1-hmac
Summary:        HMAC files for FIPS-140-2 integrity checking of the openssl shared libraries
License:        BSD-3-Clause
Group:          Productivity/Networking/Security
Requires:       mingw32-libopenssl1_1 = %{version}-%{release}
# Needed for clean upgrade from former openssl-1_1_0, boo#1081335
Obsoletes:      mingw32-libopenssl1_1_0-hmac < %{version}
# Needed for clean upgrade from SLE-12 openssl-1_0_0, bsc#1158499
Obsoletes:      mingw32-libopenssl-1_0_0-hmac < %{version}

%description -n mingw32-libopenssl1_1-hmac
The FIPS compliant operation of the openssl shared libraries is NOT
possible without the HMAC hashes contained in this package!
%endif

%package doc
Summary:        Additional Package Documentation
License:        OpenSSL
Group:          Productivity/Networking/Security
Conflicts:      mingw32-openssl-doc
Provides:       mingw32-openssl-doc = %{version}
Obsoletes:      mingw32-openssl-doc < %{version}
BuildArch:      noarch

%description doc
This package contains optional documentation provided in addition to
this package's base documentation.

%_mingw32_debug_package

%prep
%autosetup -p1 -n %{_rname}-%{version}

%build
%ifarch armv5el armv5tel
export MACHINE=armv5el
%endif
%ifarch armv6l armv6hl
export MACHINE=armv6l
%endif

export MINGW32_CFLAGS="%_mingw32_cflags"
# disable ssp
export MINGW32_LDFLAGS="%_mingw32_ldflags_base"
#    --cross-compile-prefix=%%{_mingw32_target}- \
#    --enginesdir=%%{_mingw32_libdir}/openssl/engines \

%_mingw32_env;
SYSTEM=MINGW sh -x ./config \
    no-idea \
    enable-rfc3779 \
%ifarch x86_64 aarch64 ppc64le
    enable-ec_nistp_64_gcc_128 \
%endif
    enable-camellia \
    zlib \
    no-ec2m \
    --prefix=%{_mingw32_prefix} \
    --openssldir=%{ssletcdir} \
    -fno-common \
    -ldl \
    -DPURIFY \
    -D_GNU_SOURCE \
    -D__USE_GNU \
    -DOPENSSL_RAND_SEED_OS \
    -DOPENSSL_NO_BUF_FREELISTS \
    $(getconf LFS_CFLAGS) \
    -Wall \
    --with-rand-seed=getrandom \
    --system-ciphers-file=%{_mingw32_sysconfdir}/crypto-policies/back-ends/openssl.config
 
# Show build configuration
perl configdata.pm --dump

util/mkdef.pl crypto update
make depend %{?_smp_mflags}
make all %{?_smp_mflags}

%check
# install wine pathes
%_mingw32_cross_wine_init $(pwd)

%if %{?_with_check}
export MALLOC_CHECK_=3
export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))

# we do not use CROSS_COMPILE, which would disable most tests from this recipe
rm test/recipes/02-test_errstr.t

# test fails on Tumbleweed
%if "%{_repository}" == "openSUSE_Tumbleweed"
rm test/recipes/04-test_asn1_encode.t
%endif

# run tests
# prefix with VERBOSE=1 to see details
%_mingw32_cross_wine_run make test -j1
%endif

# show cyphers
%{_mingw32_target}-gcc -o showciphers $MINGW32_CFLAGS -I%{buildroot}%{_mingw32_includedir} %{SOURCE5} -L%{buildroot}%{_mingw32_libdir} -lssl -lcrypto
%_mingw32_cross_wine_run ./showciphers.exe

%install
%make_install %{?_smp_mflags}
%if 0
# kill static libs
rm -f %{buildroot}%{_mingw32_libdir}/lib*.a
%endif
# remove the cnf.dist
rm -f %{buildroot}%{_mingw32_sysconfdir}/ssl/openssl.cnf.dist
ln -sf ./%{_rname} %{buildroot}/%{_mingw32_includedir}/ssl
mkdir %{buildroot}/%{_mingw32_datadir}/ssl
mv %{buildroot}/%{ssletcdir}/misc %{buildroot}/%{_mingw32_datadir}/ssl/
# Create the two directories into which packages will drop their configuration
# files.
mkdir %{buildroot}/%{ssletcdir}/engines.d/
mkdir %{buildroot}/%{ssletcdir}/engdef.d/

%if %{?_with_man}
# avoid file conflicts with man pages from other packages
#
pushd %{buildroot}/%{_mingw32_mandir}
# some man pages now contain spaces. This makes several scripts go havoc, among them /usr/sbin/Check.
# replace spaces by underscores
#for i in man?/*\ *; do mv -v "$i" "${i// /_}"; done
which readlink &>/dev/null || function readlink { ( set +x; target=$(file $1 2>/dev/null); target=${target//* }; test -f $target && echo $target; ) }
for i in man?/*; do
    if test -L $i ; then
        LDEST=`readlink $i`
        rm -f $i ${i}ssl
        ln -sf ${LDEST}ssl ${i}ssl
    else
        mv $i ${i}ssl
        fi
    case "$i" in
        *.1)
        # these are the pages mentioned in openssl(1). They go into the main package.
        echo %doc %{_mingw32_mandir}/${i}ssl%{?ext_man} >> $OLDPWD/filelist;;
        *)
        # the rest goes into the openssl-doc package.
        echo %doc %{_mingw32_mandir}/${i}ssl%{?ext_man} >> $OLDPWD/filelist.doc;;
    esac
done
popd
%else
rm -rf %{buildroot}%{_mingw32_mandir}
touch filelist filelist.doc
%endif

# Do not install demo scripts executable under /usr/share/doc
find demos -type f -perm /111 -exec chmod 644 {} \;

# Place showciphers.c for %%doc macro
cp %{SOURCE5} .

%if %{?_with_hmac}
# the hmac hashes:
#
# this is a hack that re-defines the __os_install_post macro
# for a simple reason: the macro strips the binaries and thereby
# invalidates a HMAC that may have been created earlier.
# solution: create the hashes _after_ the macro runs.
#
# this shows up earlier because otherwise the %%expand of
# the macro is too late.
# remark: This is the same as running
#   openssl dgst -sha256 -hmac 'ppaksykemnsecgtsttplmamstKMEs'
%{expand:%%global __os_install_post {%__os_install_post

# Point linker to the newly installed libcrypto in order to avoid BuildRequiring itself (libopenssl1_1)
#export LD_LIBRARY_PATH="%{buildroot}%{_mingw32_libdir}"
# setup wine to find system pathes
%_mingw32_cross_wine_init \
%_mingw32_cross_wine_run %{buildroot}%{_mingw32_bindir}/fips_standalone_hmac.exe \
  %{buildroot}%{_mingw32_libdir}/libssl-%{maj_min}.dll > \
    %{buildroot}%{_mingw32_libdir}/.libssl-%{maj_min}.dll.hmac

# As fips_standalone_hmac now uses the very same library it checksums,
# the libcrypto hmac needs to be saved to a temporary file, otherwise
# the library will detect the empty hmac and abort due to a wrong checksum
%_mingw32_cross_wine_run %{buildroot}%{_mingw32_bindir}/fips_standalone_hmac.exe \
  %{buildroot}%{_mingw32_libdir}/libcrypto-%{maj_min}.dll > \
    %{buildroot}%{_mingw32_libdir}/.libcrypto-%{maj_min}.dll.temphmac

# rename the temporary checksum to its proper name
mv %{buildroot}%{_mingw32_libdir}/.libcrypto-%{maj_min}.dll.temphmac %{buildroot}%{_mingw32_libdir}/.libcrypto-%{maj_min}.dll.hmac

##unset LD_LIBRARY_PATH

}}
%endif
# fix E: env-script-interpreter
# This script uses 'env' as an interpreter. For the rpm runtime dependency
# detection to work, the shebang #!/usr/bin/env perl needs to be patched into
# #!/usr/bin/perl otherwise the package dependency generator merely adds a
# dependency on /usr/bin/env rather than the actual interpreter /usr/bin/perl.
# Alternatively, if the file should not be executed, then ensure that it is not
# marked as executable or don't install it in a path that is reserved for
# executables.
# Isn't this a limitation of rpm runtime dependency detection and should be fixed there
for i in $(echo %{buildroot}%{_mingw32_bindir}/c_rehash %{buildroot}/%{_mingw32_datadir}/ssl/misc/CA.pl %{buildroot}/%{_mingw32_datadir}/ssl/misc/tsget %{buildroot}/%{_mingw32_datadir}/ssl/misc/tsget.pl); do
    sed -i 's,#!/usr/bin/env perl,#!/usr/bin/perl,g' $i
done

%files -n mingw32-libopenssl1_1
%license LICENSE
%{_mingw32_bindir}/libssl-%{maj_min}.dll
%{_mingw32_bindir}/libcrypto-%{maj_min}.dll
%dir %{_mingw32_libdir}/engines-%{maj_min}
%{_mingw32_libdir}/engines-%{maj_min}/*.dll

%if %{?_with_hmac}
%files -n mingw32-libopenssl1_1-hmac
%{_mingw32_dir}/.libssl.so.%{maj_min}.hmac
%{_mingw32_libdir}/.libcrypto.so.%{maj_min}.hmac
%endif

%files -n mingw32-libopenssl-1_1-devel
%{_mingw32_includedir}/%{_rname}/
%{_mingw32_includedir}/ssl
%{_mingw32_libdir}/libssl*.a
%{_mingw32_libdir}/libcrypto*.a
%{_mingw32_libdir}/pkgconfig/libcrypto.pc
%{_mingw32_libdir}/pkgconfig/libssl.pc
%{_mingw32_libdir}/pkgconfig/openssl.pc

%files doc -f filelist.doc
%doc doc/* demos
%doc showciphers.c

%files -f filelist
%doc CHANGE* NEWS README
%dir %{_mingw32_sysconfdir}
%dir %{ssletcdir}
%config (noreplace) %{ssletcdir}/openssl.cnf
%attr(700,root,root) %{ssletcdir}/private
%dir %{ssletcdir}/engines.d
%dir %{ssletcdir}/engdef.d
%{ssletcdir}/ct_log_list.cnf
%{ssletcdir}/ct_log_list.cnf.dist

%dir %{_mingw32_datadir}/ssl
%{_mingw32_datadir}/ssl/misc
%{_mingw32_bindir}/c_rehash
%{_mingw32_bindir}/fips_standalone_hmac.exe
%{_mingw32_bindir}/%{_rname}.exe

%changelog

Places

File mingw32-openssl-1_1.spec of Package mingw32-openssl-1_1

Places